Wire Guard Configuration
I have been able to get a full tunnel for wire guard to work. I however for the life of me cannot get access to my local lan no matter what acl I put in my place. My lan is 192.168.1.1/24 and my wire guard network is 192.168.9.1/24. I feel I am missing something blatantly obvious but just cant see it. Is there actually an omada cloud walkthrough for wire guard I have missed or anyone that has attempted and succeeded in what I am attempting to do.
LAN Interface/VLAN 1 is 192.168.1.1/24
Wire Guard Interface/VLAN 404 is 192.168.9.1/24
Successfully connects and routes all traffic through the tunnel and out. No LAN access no matter what acl is put in place to allow access between the networks.
Interface Addresses on Client App
192.168.9.3/24
PEER's Allowed IPs on Client App
0.0.0.0/0, 192.168.9.0/24
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi, Allowed IPs is the entry for the Client to identify whether to forward data from the VPN tunnel.
This can be filled in as 0.0.0.0/0 when proxy access is required, i.e. all traffic goes through the VPN tunnel.
When you want to implement site-to-site, you have to set the allowed IPS to the real LAN segment on the Server side.
If there are multiple segments on the other side, only the mask needs to be changed.
If there are completely different segments, add the new segment and separate it with a comma.
So PEER's Allowed IPs on Client App should be real LAN segment on the Server side, LAN Interface/VLAN 1 192.168.1.1/24.
- Copy Link
- Report Inappropriate Content
So here is what I have for the client config on my phone...
Wire Guard (iPhone/Android)
[Interface]
Private Key: 8675309
Public Key: 9035768
Addresses 192.168.9.3/24
Listen Port: 51820
MTU: 1420
DNS Servers: 1.1.1.1, 1.0.0.1
[Peer]
Public Key: Puzzle
Preshared Key: Pieces
Endpoint: www redirected com 51820
Allowed IPs: 0.0.0.0/0, 192.168.1.1/24
So this is how my client configuration should look then on my mobile then? Asking here first since the last time I tried enabling it I locked up my router something fierce. 0.0.0.0/0 to my understanding makes the connection a full tunnel.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Nah no change still no local access to the network even if I remove the 0.0.0.0/0 from the Allowed IPs list.
- Copy Link
- Report Inappropriate Content
You need to make sure the allowed IP address you set on the ER605 Wireguard VPN Peers page is the same as the IP address shown on the Wireguard Client Interface page.
- Copy Link
- Report Inappropriate Content
I have verified that it is the same on the wireguard client app and vpn peers page on omada. It is giving me a full tunnel according to the IP address I am getting from IP Chicken and a Net Tool app on my phone. When I change the addresses so they don't match I no longer connect or get a full tunnel.
- Copy Link
- Report Inappropriate Content
Can you share the ACL settings with us?
And I just test locally on my device, I just put in 0.0.0.0 in the Allowed IP on the VPN Clients and it's working OK, I have multiple VLANs and can access my main LAN.
Maybe the ACL settings you have caused the issue.
- Copy Link
- Report Inappropriate Content
My mistake was following this walkthrough (https://www.tp-link.com/us/support/faq/3559/) when trying to setup the wireguard vpn. I created a new LAN/VLAN interface for wireguard during the initial setup that had the last octet as .1 for the router, the wireguard interface at .2, and my client device using .3. Once I deleted the LAN/VLAN interface from the wired networks I was able to successfully connect and browse my local network when connected to the vpn. The only thing I don't like about it currently and what I need to figure out is I can hit every LAN/VLAN in my network. I eventually only want to be able to hit my NVR and Omada controller through the tunnel however, so I need to figure that out.
Is there someplace here that has better walkthroughs for cloud/controller users over local configuration users?
So the Solution to my initial issue was I had a LAN/VLAN interface for wireguard in my wired networks and that needed to be deleted to be able to navigate my local network even though it was successfully tunneling all my traffic through the vpn.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1162
Replies: 8
Voters 0
No one has voted for it yet.